alias Pleroma.Web.ActivityPub.Pipeline
alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.ActivityPub.Visibility
+ alias Pleroma.Formatter
import Pleroma.Web.Gettext
import Pleroma.Web.CommonAPI.Utils
transaction =
Repo.transaction(fn ->
with {_, {:ok, chat_message_data, _meta}} <-
- {:build_object, Builder.chat_message(user, recipient.ap_id, content)},
+ {:build_object,
+ Builder.chat_message(
+ user,
+ recipient.ap_id,
+ content |> Formatter.html_escape("text/plain")
+ )},
{_, {:ok, chat_message_object}} <-
{:create_object, Object.create(chat_message_data)},
{_, {:ok, create_activity_data, _meta}} <-
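Review bot: The escaping on the `content |> Formatter.html_escape("text/plain")` line protects only messages that enter through this call. Any other caller of `Builder.chat_message`, or chat objects created by a path not visible in this hunk, would still store unescaped markup unless sanitised at ingest or render. Because the stored value is now HTML rather than the user's raw text, the invariant is worth recording beside the call, for example `# content is stored HTML-escaped; consumers must treat it as HTML and not escape it again`. The `with` block starts and ends outside the hunk, so the later steps could not be checked.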
author = insert(:user)
recipient = insert(:user)
- {:ok, activity} = CommonAPI.post_chat_message(author, recipient, "a test message")
+ {:ok, activity} =
+ CommonAPI.post_chat_message(
+ author,
+ recipient,
+ "a test message <script>alert('uuu')</script>"
+ )
assert activity.data["type"] == "Create"
assert activity.local
assert object.data["type"] == "ChatMessage"
assert object.data["to"] == [recipient.ap_id]
- assert object.data["content"] == "a test message"
+
+ assert object.data["content"] ==
+ "a test message <script>alert('uuu')</script>"
assert Chat.get(author.id, recipient.ap_id)
assert Chat.get(recipient.id, author.ap_id)
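Review bot: The expected value in the new `assert object.data["content"] ==` is shown byte-identical to the string passed to `CommonAPI.post_chat_message`, so as displayed the test would pass without escaping and fail with it. This may be the page decoding entities when it rendered the diff; if the file really holds the raw `<script>` text, the expectation should be the entity-escaped form the formatter produces. An explicit negative check would make the intent independent of the exact escaping: `refute object.data["content"] =~ "<script"`. The test body begins outside the hunk.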